package auth
import (
"context"
"net/http"
"github.com/aserto-dev/topaz/pkg/app/handlers"
"github.com/aserto-dev/topaz/pkg/cc/config"
"github.com/rs/zerolog"
)
// ConfigAuth wraps h with API-key authentication driven by authCfg.
//
// For every request the per-path options are resolved with
// authCfg.Options.ForPath(r.URL.Path), and the outcome is recorded on the
// request context under the handlers.AuthenticatedUser and
// handlers.AuthEnabled keys:
//
//   - anonymous access enabled for the path, no API keys configured, or API-key
//     auth disabled for the path: forwarded with AuthenticatedUser=true
//     (AuthEnabled is not set);
//   - no authorization header: forwarded with AuthEnabled=true and
//     AuthenticatedUser=false;
//   - header that parseAuthHeader rejects for the "basic" scheme: 401;
//   - key present in authCfg.APIKeys: forwarded with AuthEnabled=true and
//     AuthenticatedUser=true;
//   - any other key: 401.
func (a *APIKeyAuthMiddleware) ConfigAuth(h http.Handler, authCfg config.AuthnConfig) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// forward hands the request to the wrapped handler with the given context.
		forward := func(ctx context.Context) {
			h.ServeHTTP(w, r.WithContext(ctx))
		}

		opts := authCfg.Options.ForPath(r.URL.Path)

		// NOTE(review): this branch fails open. An empty APIKeys map, or a path
		// without EnableAPIKey, marks every request as authenticated, so a
		// deployment that never configures keys is effectively unauthenticated.
		if opts.EnableAnonymous || len(authCfg.APIKeys) == 0 || !opts.EnableAPIKey {
			forward(context.WithValue(r.Context(), handlers.AuthenticatedUser, true))
			return
		}

		// From here on API-key auth is in force for this path.
		ctx := context.WithValue(r.Context(), handlers.AuthEnabled, true)

		hdr := httpAuthHeader(r)
		if hdr == "" {
			// No credentials were supplied. The request is not rejected here; it
			// is forwarded flagged as unauthenticated, so whatever runs after
			// this middleware has to enforce the flag.
			forward(context.WithValue(ctx, handlers.AuthenticatedUser, false))
			return
		}

		key, err := parseAuthHeader(hdr, "basic")
		if err != nil {
			returnStatusUnauthorized(w, "Invalid authorization header. expected 'basic' scheme.", a.logger)
			return
		}

		// NOTE(review): the key is checked with a plain map lookup, not a
		// constant-time comparison - confirm that is acceptable for the keys in use.
		if _, known := authCfg.APIKeys[key]; !known {
			// A key was supplied but it is not one of the configured keys.
			returnStatusUnauthorized(w, "The API key is invalid.", a.logger)
			return
		}

		forward(context.WithValue(ctx, handlers.AuthenticatedUser, true))
	})
}
// returnStatusUnauthorized replies with HTTP 401 and errMsg as the response
// body. A failure to write the body is reported through log and otherwise
// ignored.
func returnStatusUnauthorized(w http.ResponseWriter, errMsg string, log *zerolog.Logger) {
	w.WriteHeader(http.StatusUnauthorized)

	if _, writeErr := w.Write([]byte(errMsg)); writeErr != nil {
		log.Error().Err(writeErr).Msg("could not write response message")
	}
}